From: | Michael Orlitzky <michael(at)orlitzky(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: (Default) Group permissions |
Date: | 2013-07-01 01:31:18 |
Message-ID: | 51D0DBE6.3000008@orlitzky.com |
Lists: | pgsql-general |
On 06/30/2013 09:12 PM, Andrew Sullivan wrote:
>
> If you want "easy", then just give different databases per user. If
> you want complicated, you need an administrator; yes, that needs to be
> in some sense under the control of the host. We have roughly 40 years
> of experience with these things, and the evidence is that
> "comprehensive but easy" is either badly insecure or very hard to
> operate well. Which trade do you want to make?
>
This is a false, er, trichotomy? The requirements I listed aren't very
hard to meet. Here's how you do it for a directory on the filesystem
(why do I get the feeling nobody is going to check out the repo):
```sh
# Admins can do anything.
# (The -d form sets the default ACL, which only directories can carry, so the
# *-project glob is expected to match the per-customer project directories.)
setfacl -m group:admins:rwx *-project
setfacl -d -m group:admins:rwx *-project

# The customer's developers can access their own projects.
setfacl -m group:customer-devs:rwx customer-project
setfacl -d -m group:customer-devs:rwx customer-project

# The anonymous user can only read things.
setfacl -m user:anonymous:rx customer-project
setfacl -d -m user:anonymous:rx customer-project
```
This will work for eternity, and is perfectly secure. "Easy" is
relative, but it's easy for me, and I only have to do it once, so who
cares. I have find/xargs scripts that do the hard part for me.
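The PostgreSQL counterpart of the three setfacl rules above, as an added example that is not part of the original message or of anything else in the thread. It maps one project directory to one schema and each filesystem group to a NOLOGIN role; the schema name, role names and the `alice` login are assumptions chosen to mirror the post. The `ALTER DEFAULT PRIVILEGES` statements play the part of `setfacl -d`, so that tables created later inherit the same grants:

```sql
-- Added example, not from the original post. Names are assumptions.
CREATE ROLE admins NOLOGIN;
CREATE ROLE customer_devs NOLOGIN;
CREATE ROLE anonymous NOLOGIN;

-- One schema per customer project (the "customer-project" directory).
CREATE SCHEMA customer_project;

-- Nothing is reachable through PUBLIC; access comes only from the grants below.
REVOKE ALL ON SCHEMA customer_project FROM PUBLIC;

-- Admins can do anything (the *-project rule, applied to this schema).
GRANT ALL ON SCHEMA customer_project TO admins;
GRANT ALL ON ALL TABLES    IN SCHEMA customer_project TO admins;
GRANT ALL ON ALL SEQUENCES IN SCHEMA customer_project TO admins;

-- The customer's developers can access their own project (rwx).
GRANT USAGE, CREATE ON SCHEMA customer_project TO customer_devs;
GRANT ALL ON ALL TABLES    IN SCHEMA customer_project TO customer_devs;
GRANT ALL ON ALL SEQUENCES IN SCHEMA customer_project TO customer_devs;

-- The anonymous user can only read things (rx).
GRANT USAGE ON SCHEMA customer_project TO anonymous;
GRANT SELECT ON ALL TABLES IN SCHEMA customer_project TO anonymous;

-- The "-d" half: objects created in the schema by customer_devs later on
-- get the same grants automatically, instead of only the ones that existed
-- when the GRANT ... ON ALL TABLES statements above ran.
ALTER DEFAULT PRIVILEGES FOR ROLE customer_devs IN SCHEMA customer_project
    GRANT ALL ON TABLES TO admins, customer_devs;
ALTER DEFAULT PRIVILEGES FOR ROLE customer_devs IN SCHEMA customer_project
    GRANT ALL ON SEQUENCES TO admins, customer_devs;
ALTER DEFAULT PRIVILEGES FOR ROLE customer_devs IN SCHEMA customer_project
    GRANT SELECT ON TABLES TO anonymous;

-- A developer login joins the group role. To have the default privileges
-- above apply to what she creates, she creates objects as the group role:
--   SET ROLE customer_devs; CREATE TABLE customer_project.orders (...);
CREATE ROLE alice LOGIN;
GRANT customer_devs TO alice;
```

The catch a practitioner will hit is the last comment: `ALTER DEFAULT PRIVILEGES FOR ROLE x` keys on the role that ends up owning the new object, not on group membership. A table that `alice` creates while acting as herself is owned by `alice` and gets no automatic grants, so either developers `SET ROLE customer_devs` before creating objects, or the three `ALTER DEFAULT PRIVILEGES` statements are repeated `FOR ROLE alice` (and for every other developer login). That per-owner rule is what makes the filesystem's single `setfacl -d` line cheaper than its PostgreSQL equivalent.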